[ https://issues.apache.org/jira/browse/DIRMINA-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14333097#comment-14333097 ]

alexander todorov commented on DIRMINA-1007:
--------------------------------------------

We found the vulnerability by modifying the source code of Open SSL3 in this
way:
In s_client.c, change the line
BIO_printf(sbio,"AUTH TLS\r\n");
with
BIO_printf(sbio,"AUTH TLS\r\nFEAT\r\n");
and recompile.

Then run the command:
./openssl s_client -connect ip_of_ftp_server:21 -starttls ftp -cipher EXP-RC4-MD5 -tls1 -showcerts


> plain text injection during initialization of encrypted channel
> ---------------------------------------------------------------
>
>                 Key: DIRMINA-1007
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-1007
>             Project: MINA
>          Issue Type: Bug
>            Reporter: alexander todorov
>
> Hi,
> We have a plain text injection problem with mina 2.0.4 (it is reproducible with
> 2.0.9 as well).
> This is the problem:
> The FTP client sends the commands:
> auth tls\r\nfeat
> and the feat command is executed.
> It became obvious that the output was received encrypted. However, the
> command was sent unencrypted. In general, it is possible to inject commands
> in plain text during the initialization of the encrypted
> channel. This can be abused for attacks against the user.
> All unencrypted commands that are sent after “auth tls” must be ignored.
> Do you plan to fix this issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
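
The behaviour the report asks for (ignore cleartext that arrives after "auth tls"), as an added example that is not part of the original message and is not MINA code. It is a simplified line-based command reader; the class, the discard_on_upgrade switch and the sample bytes are constructed for illustration.

```python
class CommandReader:
    """Toy model of an FTP control-channel reader (hypothetical, not MINA's API)."""

    def __init__(self, discard_on_upgrade):
        self.discard_on_upgrade = discard_on_upgrade
        self.buf = b""          # bytes read from the socket, not yet parsed
        self.tls_active = False
        self.executed = []      # (command, session state when it was executed)
        self.dropped = b""      # cleartext thrown away at the upgrade point

    def feed(self, data):
        """Append received bytes and execute every complete CRLF-terminated line."""
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace").strip().upper()
            state = "tls" if self.tls_active else "plain"
            self.executed.append((cmd, state))
            if cmd == "AUTH TLS" and not self.tls_active:
                self.tls_active = True
                if self.discard_on_upgrade:
                    # Everything still buffered was received before the
                    # handshake, so it is unauthenticated: drop it, including
                    # any partial line that later data could complete.
                    self.dropped, self.buf = self.buf, b""


def run_demo():
    """Feed the constructed sample from the report to both variants."""
    sample = b"AUTH TLS\r\nFEAT\r\n"   # constructed: one cleartext TCP read
    results = {}
    for name, discard in (("vulnerable", False), ("hardened", True)):
        reader = CommandReader(discard_on_upgrade=discard)
        reader.feed(sample)
        results[name] = (reader.executed, reader.dropped)
    return results


if __name__ == "__main__":
    for name, (executed, dropped) in run_demo().items():
        print(name, "executed:", executed, "dropped:", dropped)
```

In the vulnerable variant FEAT is executed as if it belonged to the protected session although it arrived in cleartext; the hardened variant executes only AUTH TLS and discards the rest.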
